CVE-2025-69034 – This vulnerability allows attackers to include ... (How to Fix)

Q: What is the severity of CVE-2025-69034?

CVE-2025-69034 has a CVSS score of 8.1 (HIGH). This vulnerability allows attackers to include local PHP files through improper filename control in the Lekker WordPress theme. Attackers can potentially execute arbitrary code on affected WordPress installations. All WordPress sites using vulnerable versions of the Lekker theme are affected.

📋 TL;DR

This vulnerability allows attackers to include local PHP files through improper filename control in the Lekker WordPress theme. Attackers can potentially execute arbitrary code on affected WordPress installations. All WordPress sites using vulnerable versions of the Lekker theme are affected.

💻 Affected Systems

Products:

Mikado-Themes Lekker WordPress Theme

Versions: All versions up to and including 1.8

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Lekker theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

📦 What is this software?

Lekker by Qodeinteractive

View all CVEs affecting Lekker →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to data theft, ransomware deployment, or complete site takeover through remote code execution.

🟠

Likely Case

Unauthorized file access, sensitive information disclosure, or limited code execution within the web server context.

🟢

If Mitigated

Attack blocked at web application firewall level with no successful exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP requests can trigger the vulnerability. Public exploit details available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.8

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/lekker/vulnerability/wordpress-lekker-theme-1-8-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Update Lekker theme to latest version via WordPress admin panel. 2. Verify theme version is >1.8. 3. Clear WordPress cache if applicable.

🔧 Temporary Workarounds

Disable vulnerable theme

all

Switch to default WordPress theme until patch can be applied

wp theme activate twentytwentyfour

Web Application Firewall rule

linux

Block requests containing local file inclusion patterns

ModSecurity rule: SecRule ARGS "\.\./" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

Implement strict file permission controls on web server directories
Deploy web application firewall with LFI detection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Lekker theme version <=1.8

Check Version:

wp theme list --field=name,status,version | grep lekker

Verify Fix Applied:

Confirm theme version >1.8 and test with known exploit payloads

📡 Detection & Monitoring

Log Indicators:

HTTP requests with ../ patterns in parameters
PHP include/require errors in web server logs
Unusual file access patterns from web root

Network Indicators:

HTTP GET/POST requests with file path traversal sequences
Requests to theme-specific endpoints with parameter manipulation

SIEM Query:

source="web.log" AND ("../" OR "..\" OR "/etc/" OR "/proc/") AND uri_path="*lekker*"

📊 Metadata

CVE ID: CVE-2025-69034

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-98

EPSS Score: 0.06% exploit probability (16.9th percentile)

Published: December 30, 2025

Last Updated: January 29, 2026

🔗 References

https://patchstack.com/database/Wordpress/Theme/lekker/vulnerability/wordpress-lekker-theme-1-8-local-file-inclusion-vulnerability?_s_id=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-69034, you might also want to check these: